Lenovo TrackPoint Quick Menu DLL Hijacking Vulnerability Allowing Privilege Escalation
Vulnerability
A DLL hijacking vulnerability has been identified in the Lenovo TrackPoint Quick Menu software. Under certain conditions, this vulnerability could enable a local attacker to escalate privileges. The issue arises from the way the software handles dynamic link libraries (DLLs), which could give the attacker elevated rights they are not authorized to hold.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a local user to gain elevated rights on the system.
Remediation
Users should update the TrackPoint Quick Menu software to version 1.12.54.0. Preloaded versions of the software are updated automatically via Lenovo System Update. For those who manually downloaded TrackPoint Quick Menu, the latest version is available on the Microsoft Store. After updating, users who upgraded to version 1.12 via the Microsoft Store must delete a scheduled task in Task Scheduler and remove a specific directory from ProgramData.
